Threat intelligence analysis docs
IP resolutions
Analyzes domain's IP addresses and their geographical distribution and performs reverse IP lookup.
Main infrastructure servers
List of the IP addresses the target domain name is resolved to, considering the domain's name servers, mail servers and subdomains. To build a report for one of the domains, click "Build report".
|
Output column
|
Sample output
|
What it means?
|
|---|---|---|
| Domain name | google.com | The IP resolution search term |
| Kind | web | The kind of the resource. The available resource kinds list is provided below. |
| IPv4 | 127.0.0.1 | The resource's IPv4 address |
Available resource kinds:
|
Indicator
|
What it means?
|
|---|---|
| web | The target website |
| www.web | The WWW subdomain if exists |
| Subdomain | If the target website is a subdomain having an 'A' record, TIP shows all the subdomains which also have 'A' records. Example: for sub1.sub2.example.com TIP checks IP resolution sub1.sub2.example.com,sub2.example.com and example.com |
| MX | Mail exchanger server (see 'mail servers' section) |
| NS | Name server (see 'name servers' section) |
Other domains on the same IP
List of the domains which resolved to the same IP as the target website. To build a report for one of the domains, click "Build report".
|
Output column
|
Sample output
|
What it means?
|
|---|---|---|
| Domain name | google.com | The domain name which is resolved to the same IP address. |
Domains on this IP
List of the domains which resolved to the same IP as the target IP. To build a report for one of the domains, click "Build report".
|
Output column
|
Sample output
|
What it means?
|
|---|---|---|
| Domain name | google.com | The domain name which resolved to the same IP as the target IP. |
IP distribution
Shows the map with the geographical distribution of the IP addresses related to the target website.
|
Indicator
|
What it means?
|
|---|---|
| web | The target website |
| www.web | The WWW subdomain if exists |
| Subdomain | If the target website is a subdomain having an 'A' record, TIP shows all the subdomains which also have 'A' records. Example: for sub1.sub2.example.com TIP checks IP resolution sub1.sub2.example.com,sub2.example.com and example.com |
| Connected domains | The domain is referenced from the target website (see "Website analysis" section) |
| MX | Mail exchanger server (see "mail servers" section) |
| NS | Name server (see "name servers" section) |
Example output:
To see an IP geo and subnet information, click any marker on the map.
Geo IP information block:
|
Output column
|
Sample output
|
What it means?
|
|---|---|---|
| Domain name | google.com | The domain name connected to the selected IP. |
| Post Address | USA California Los Angeles 90001 | The possible postal address where the selected IP is registered. |
| Coordinates | 34''3.13338'/118''14.6208' | The latitude and the longitude corresponding to the selected IP. |
| Time zone | GMT-8 | Timezone of the selected IP. |
Subnet information block:
|
Output column
|
Sample output
|
What it means?
|
|---|---|---|
| Network name | IANA-BLK | The name of a range of IP address space. |
| IP block | 0.0.0.0 - 255.255.255.255 | The range of IP address space, which the target IP address belongs to. |
| Country | US | Country where the IP Block is registered. |
| Registered on | 10.10.12 | IP Block registration date. |
| Updated on | 10.10.15 | IP Block last update. |
Known subdomains
List of the known subdomains for the target domain. To build a report for one of the domains, click "Build report".
|
Output column
|
Sample output
|
What it means?
|
|---|---|---|
| Domain name | google.com | The IP resolution search term |
| IPv4 | 74.125.23.26 | The resource's IPv4 address |
Connected domains
List of domains referenced from the target website, considering subdomains as separate domain names. These include links, external images, CSS, scripts or Iframe sources. Only unique occurrences are displayed. To build a report for one of the connected domains, click "Build report".
| Indicator | Sample output | What it means? |
|---|---|---|
| Outgoing link | itunes.apple.com | Found links to the domain name specified. it's referenced in the <a> tag. |
| External JavaScript | code.jquery.com | Found scripts loaded from the domain name specified. In most cases, it's referenced in the <script> tag. |
| External image | cdn.images.com | Found images loaded from the domain name specified. In most cases, it's referenced in the <img> tag. |
| External CSS | maxcdn.bootstrapcdn.com | Found CSS loaded from the domain name specified. In most cases, it's referenced from the <link> tag. |
| Iframe source | example.com | Found Iframe loaded from the domain name specified. It's referenced from the <iframe> tag. |
Have questions?
We work hard to improve our services for you. As part of that, we welcome your feedback, questions and suggestions. Please let us know your thoughts and feelings, and any way in which you think we can improve our product.
For a quick response, please select the request type that best suits your needs.
Threat Intelligence Platform uses cookies to provide you with the best user experience on our website. They also help us understand how our site is being used. Find out more here. By continuing to use our site you consent to the use of cookies.